jeroen
commented
1 year ago Sorry I don't see the point of this. It is not my role to restrict what algorithms people are allowed to use. The reason we have this algo is that bcrypt-pbkdf is part of the openssh key spec so maybe you can take it up with them first: https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD
This PR introduces a change that prevents usage of
bcrypt_pbkdf()whenfips_mode()is enabled. Also see #112